Merge pull request #10623 from uberbrady/fix_secure_hosts_in_subdirec…

…tory Fixes #10577 - Fix "secure hostnames" feature for subdirectory-based Snipe-IT installs
snipe · Feb 7, 2022 · 1a31231 · 1a31231
2 parents f4069e0 + f1d4087
commit 1a31231
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -47,9 +47,8 @@ public function boot(UrlGenerator $url)
         // TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
         if ( ! env('APP_ALLOW_INSECURE_HOSTS')) {  // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
             $url_parts = parse_url(config('app.url'));
-            if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) {
-                $root_url = $url_parts['scheme'].'://'.$url_parts['host'].(isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
-                \URL::forceRootUrl($root_url);
+            if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
+                \URL::forceRootUrl(config('app.url'));
             } else {
                 \Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
             }